| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System Defender und bestimmt noch mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.12.2009, 18:17
| #16 |
  |  System Defender und bestimmt noch mehr
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around!  |
|
04.12.2009, 18:19
| #17 |
 | System Defender und bestimmt noch mehr Logfile of random's system information tool 1.06 (written by random/random)
__________________Run by Harms at 2009-12-04 18:18:49 Microsoft Windows XP Home Edition Service Pack 3 System drive I: has 14 GB (23%) free of 59 GB Total RAM: 2047 MB (67% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:19:01, on 04.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\Explorer.EXE I:\WINDOWS\system32\spoolsv.exe I:\Programme\Avira\AntiVir Desktop\sched.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\Programme\FRITZ!DSL\IGDCTRL.EXE I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE I:\WINDOWS\SOUNDMAN.EXE I:\Programme\CDBurnerXP\NMSAccessU.exe I:\WINDOWS\system32\RUNDLL32.EXE I:\WINDOWS\system32\nvsvc32.exe I:\Programme\Avira\AntiVir Desktop\avgnt.exe I:\WINDOWS\system32\HPZipm12.exe I:\WINDOWS\tsnp2std.exe I:\WINDOWS\ZSSnp211.exe I:\WINDOWS\Domino.exe I:\WINDOWS\system32\PnkBstrA.exe I:\WINDOWS\system32\ctfmon.exe I:\WINDOWS\system32\svchost.exe M:\Programme\DAEMON Tools Lite\daemon.exe I:\Programme\Free Download Manager\fdm.exe I:\Programme\Tunngle\TnglCtrl.exe I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe I:\Programme\FRITZ!DSL\StCenter.exe I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe I:\Programme\HP\Digital Imaging\bin\hpqimzone.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\wuauclt.exe I:\Programme\Mozilla Firefox\firefox.exe N:\RSIT.exe I:\Dokumente und Einstellungen\Harms\Desktop\Harms.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flugwetter.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1 R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - I:\Programme\Free Download Manager\iefdm2.dll O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\programme\google\googletoolbar1.dll O3 - Toolbar: (no name) - {5ACF6D00-522E-4E15-9387-733063B2D076} - (no file) O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "I:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [tsnp2std] I:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [ZSSnp211] I:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] I:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "M:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "M:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Free Download Manager] I:\Programme\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [COM+ Manager] "I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = I:\Programme\FRITZ!DSL\StCenter.exe O4 - Startup: GM_DevUpdate.lnk = I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://I:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.de/SnapfishActivia.cab O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/plugintest/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - I:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Apache2 - Apache Software Foundation - M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - I:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - I:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - I:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TunngleService - Tunngle.net GmbH - I:\Programme\Tunngle\TnglCtrl.exe -- End of file - 11648 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - i:\programme\google\googletoolbar1.dll [2008-03-15 2427968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-17 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - I:\Programme\Free Download Manager\iefdm2.dll [2009-05-23 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - i:\programme\google\googletoolbar1.dll [2008-03-15 2427968] {5ACF6D00-522E-4E15-9387-733063B2D076} {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar mit Pop-Up-Blocker - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=I:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "NvCplDaemon"=I:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=I:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016] "KernelFaultCheck"=I:\WINDOWS\system32\dumprep 0 -k [] "avgnt"=I:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "tsnp2std"=I:\WINDOWS\tsnp2std.exe [2006-01-16 114688] "ZSSnp211"=I:\WINDOWS\ZSSnp211.exe [2006-08-18 49152] "Domino"=I:\WINDOWS\Domino.exe [2006-08-18 49152] " Malwarebytes Anti-Malware (reboot)"=M:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=I:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "DAEMON Tools Lite"=M:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Free Download Manager"=I:\Programme\Free Download Manager\fdm.exe [2009-09-14 3698735] "COM+ Manager"=I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe [2009-12-02 312832] I:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart HP Digital Imaging Monitor.lnk - I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe HP Photosmart Premier – Schnellstart.lnk - I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe I:\Dokumente und Einstellungen\Harms\Startmenü\Programme\Autostart FRITZ!DSL Startcenter.lnk - I:\Programme\FRITZ!DSL\StCenter.exe GM_DevUpdate.lnk - I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 I:\WINDOWS\system32\opnnkijj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "H:\fsetup.exe"="H:\fsetup.exe:*:Enabled:AVM FSetup Application" "I:\Programme\FRITZ!DSL\IGDCTRL.EXE"="I:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe" "G:\fsetup.exe"="G:\fsetup.exe:*:Enabled:AVM FSetup Application" "I:\Programme\FRITZ!DSL\FBOXUPD.EXE"="I:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\PowerChallenge\PowerSoccer\PowerSoccer.exe"="I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer" "I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "I:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "I:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="I:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "I:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="I:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "I:\Programme\HP\Digital Imaging\bin\hposid01.exe"="I:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "I:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="I:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "I:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="I:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "I:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="I:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "I:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="I:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "I:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="I:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "I:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="I:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "I:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="I:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "I:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="I:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "I:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "I:\Programme\Internet Explorer\iexplore.exe"="I:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "I:\Programme\Xpage Internet Studio 6 Special Edition\jre\bin\javaw.exe"="I:\Programme\Xpage Internet Studio 6 Special Edition\jre\bin\javaw.exe:*  isabled:javaw""I:\WINDOWS\system32\dplaysvr.exe"="I:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "I:\Programme\Condor\Condor.exe"="I:\Programme\Condor\Condor.exe:*:Enabled:Condor" "I:\Programme\Condor\CondorServer.exe"="I:\Programme\Condor\CondorServer.exe:*:Enabled:CondorServer" "M:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm"="M:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm:Enabled:GameExe2" "M:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe"="M:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP" "I:\WINDOWS\system32\java.exe"="I:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary" "I:\Programme\Mozilla Firefox\firefox.exe"="I:\Programme\Mozilla Firefox\firefox.exe:* isabled:Firefox""I:\Programme\Condor\CondorDedicated.exe"="I:\Programme\Condor\CondorDedicated.exe:*:Enabled:CondorDedicated" "I:\Dokumente und Einstellungen\Harms\temp\TeamViewer3\TeamViewer.exe"="I:\Dokumente und Einstellungen\Harms\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "I:\Dokumente und Einstellungen\Harms\temp\TeamViewer\Version4\TeamViewer.exe"="I:\Dokumente und Einstellungen\Harms\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "M:\Ds\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld.exe"="M:\Ds\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld.exe:*:Enabled:mysqld" "M:\Christian\WOW_server\diskw\usr\local\mysql\bin\mysqld-nt.exe"="M:\Christian\WOW_server\diskw\usr\local\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt" "M:\Christian\WOW_server\realmd.exe"="M:\Christian\WOW_server\realmd.exe:*:Enabled:realmd" "M:\Christian\WOW_server\mangosd.exe"="M:\Christian\WOW_server\mangosd.exe:*:Enabled:mangosd" "I:\Dokumente und Einstellungen\Harms\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="I:\Dokumente und Einstellungen\Harms\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer" "M:\Programme\Pinnacle\VideoSpin\Programs\RM.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager" "M:\Programme\Pinnacle\VideoSpin\Programs\umi.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi" "M:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin" "I:\Programme\ICQ6.5\ICQ.exe"="I:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "I:\Programme\Windows Live\Messenger\wlcsdk.exe"="I:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "I:\Dokumente und Einstellungen\Harms\Lokale Einstellungen\Anwendungsdaten\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe"="I:\Dokumente und Einstellungen\Harms\Lokale Einstellungen\Anwendungsdaten\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Chat Republic Games Player" "M:\Programme\SopCast\adv\SopAdver.exe"="M:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "M:\Programme\SopCast\SopCast.exe"="M:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe"="I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv" "I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\TSC.exe"="I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\TSC.exe:*:Enabled:TSC" "I:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe"="I:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate" "I:\Programme\Tunngle\tnglctrl.exe"="I:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service" "I:\Programme\Tunngle\tunngle.exe"="I:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client" "D:\Programme\utorrent\utorrent14458.exe"="D:\Programme\utorrent\utorrent14458.exe:*:Enabled:µTorrent" "I:\WINDOWS\system32\PnkBstrA.exe"="I:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "I:\WINDOWS\system32\PnkBstrB.exe"="I:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe"="M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen" "I:\Programme\Windows Live\Messenger\msnmsgr.exe"="I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "I:\Programme\Skype\Plugin Manager\skypePM.exe"="I:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "I:\Programme\Skype\Phone\Skype.exe"="I:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb\WSe01c.exe"="I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb\WSe01c.exe:*:Enabled:System Defender" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "M:\Programme\NCsoft\Exteel\System\Exteel.exe"="M:\Programme\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel" "I:\Programme\Windows Live\Messenger\wlcsdk.exe"="I:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe"="M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen" "I:\Programme\Windows Live\Messenger\msnmsgr.exe"="I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c934f0-f356-11dc-96ca-d02f97efaa28}] shell\AutoRun\command - O:\preinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2df83e12-f1e5-11dd-99ea-9a5b4bf7fbb6}] shell\AutoRun\command - C:\PStart.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{444aead8-a056-11dd-988b-000c7640ed17}] shell\AutoRun\command - L:\preinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b05438-1027-11dd-970f-a0277c61322f}] shell\AutoRun\command - K:\preinst.exe ======List of files/folders created in the last 1 months====== 2009-12-04 18:02:23 ----D---- I:\Avenger 2009-12-04 18:02:22 ----A---- I:\avenger.txt 2009-12-04 16:46:07 ----D---- I:\rsit 2009-12-03 15:16:18 ----D---- I:\Programme\ESET 2009-12-02 22:21:02 ----SHD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WSKZLSJD_APDM 2009-12-02 22:20:49 ----SHD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb 2009-12-02 22:10:19 ----A---- I:\WINDOWS\system32\YYtZL0.exe 2009-11-28 19:42:59 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\skypePM 2009-11-28 19:35:45 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Skype 2009-11-28 19:35:08 ----D---- I:\Programme\Gemeinsame Dateien\Skype 2009-11-28 19:35:03 ----RD---- I:\Programme\Skype 2009-11-28 19:34:46 ----D---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2009-11-27 16:20:45 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\FrostWire 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\ZSSnp211.EXE 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\ZS211Cap.exe 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\Domino.EXE 2009-11-24 21:03:59 ----RA---- I:\WINDOWS\system32\ZS211STI.dll 2009-11-24 21:02:03 ----A---- I:\WINDOWS\WindowsXP-KB822603-x86.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\vsnp2std.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\tsnp2std.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\snp2std.ini 2009-11-24 21:02:00 ----D---- I:\Programme\Gemeinsame Dateien\snp2std 2009-11-24 21:02:00 ----A---- I:\WINDOWS\vsnp2std.dll 2009-11-24 21:02:00 ----A---- I:\WINDOWS\system32\csnp2std.dll 2009-11-24 21:02:00 ----A---- I:\WINDOWS\rsnp2std.dll 2009-11-24 20:53:56 ----D---- I:\Programme\STV 2009-11-24 20:47:25 ----RA---- I:\WINDOWS\amcap.exe 2009-11-24 20:47:25 ----A---- I:\WINDOWS\FixCamera.exe 2009-11-24 14:23:12 ----D---- I:\Programme\Microsoft 2009-11-13 16:37:06 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Acreon ======List of files/folders modified in the last 1 months====== 2009-12-04 18:17:17 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Free Download Manager 2009-12-04 18:09:21 ----D---- I:\Programme\Mozilla Firefox 2009-12-04 18:03:27 ----D---- I:\WINDOWS\Temp 2009-12-04 18:03:26 ----D---- I:\WINDOWS\system32\CatRoot2 2009-12-04 18:03:04 ----D---- I:\WINDOWS 2009-12-04 18:02:23 ----SD---- I:\WINDOWS\Tasks 2009-12-04 18:02:23 ----D---- I:\WINDOWS\system32\drivers 2009-12-04 18:00:54 ----A---- I:\WINDOWS\SchedLgU.Txt 2009-12-04 18:00:13 ----D---- I:\WINDOWS\Prefetch 2009-12-04 17:45:22 ----D---- I:\WINDOWS\system32 2009-12-03 16:13:05 ----D---- I:\Downloads 2009-12-03 15:23:36 ----D---- I:\WINDOWS\Minidump 2009-12-03 15:16:25 ----SD---- I:\WINDOWS\Downloaded Program Files 2009-12-03 15:16:18 ----RD---- I:\Programme 2009-12-03 14:53:11 ----AD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-03 14:42:25 ----HD---- I:\WINDOWS\inf 2009-12-03 14:38:37 ----HD---- I:\WINDOWS\$hf_mig$ 2009-11-29 12:33:29 ----A---- I:\WINDOWS\win.ini 2009-11-28 19:35:35 ----SHD---- I:\WINDOWS\Installer 2009-11-28 19:35:35 ----HD---- I:\Config.Msi 2009-11-28 19:35:08 ----D---- I:\Programme\Gemeinsame Dateien 2009-11-27 16:20:09 ----D---- I:\Programme\Free Download Manager 2009-11-25 14:56:05 ----SD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-11-24 21:04:13 ----D---- I:\WINDOWS\twain_32 2009-11-24 21:04:03 ----RSHDC---- I:\WINDOWS\system32\dllcache 2009-11-24 21:02:00 ----HD---- I:\Programme\InstallShield Installation Information 2009-11-21 11:30:03 ----SD---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Microsoft 2009-11-05 20:00:09 ----D---- I:\Programme\Condor ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;AMD K7-Prozessortreiber; I:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\I:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; I:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; I:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; I:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 atksgt;atksgt; I:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-12-07 165376] R2 avgntflt;avgntflt; I:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656] R2 lirsgt;lirsgt; I:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-12-07 18048] R2 tmcomm;tmcomm; \??\I:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); I:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 AVMUNET;AVM FRITZ!Box; I:\WINDOWS\system32\DRIVERS\avmunet.sys [2006-10-06 14976] R3 HPZid412;IEEE-1284.4 Driver HPZid412; I:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; I:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; I:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] R3 nv;nv; I:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; I:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB-Druckerklasse; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB-Scannertreiber; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB-Massenspeichertreiber; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 irenumm;irenumm; I:\WINDOWS\System32\drivers\irenumm.sys [] S2 PfModNT;PfModNT; \??\I:\WINDOWS\system32\PfModNT.sys [] S3 a1qhn0x0;a1qhn0x0; I:\WINDOWS\system32\drivers\a1qhn0x0.sys [] S3 CCDECODE;Untertiteldecoder; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cmuda;C-Media WDM Audio Interface; I:\WINDOWS\system32\drivers\cmuda.sys [] S3 EagleNT;EagleNT; \??\I:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GMFilter;GMFilter HID Filter Driver; I:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840] S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Microsoft HID Class-Treiber; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 IKFileSec;File Security Driver; I:\WINDOWS\system32\drivers\ikfilesec.sys [2008-11-17 40840] S3 IKSysFlt;System Filter Driver; I:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-17 66952] S3 IKSysSec;System Security Driver; I:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-17 81288] S3 mouhid;Maus-HID-Treiber; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; I:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys [] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; I:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896] S3 SaiHFF52;SaiHFF52; I:\WINDOWS\system32\DRIVERS\SaiHFF52.sys [2007-05-01 132232] S3 SaiUFF52;SaiUFF52; I:\WINDOWS\system32\DRIVERS\SaiUFF52.sys [2007-05-01 28416] S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); I:\WINDOWS\system32\DRIVERS\tap0901t.sys [2008-09-18 25600] S3 teamviewervpn;TeamViewer VPN Adapter; I:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] S3 VBoxNetFlt;VBoxNetFlt Service; I:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [] S3 wip0204;Wippien Network Adapter 2.4; I:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-08-25 23480] S3 WpdUsb;WpdUsb; I:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; I:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva289;XDva289; \??\I:\WINDOWS\system32\XDva289.sys [] S3 ZSMC211;USB PC Camera (ZS0211); I:\WINDOWS\System32\Drivers\ZS211.sys [2006-08-08 391836] S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; I:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 Apache2;Apache2; M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe [2008-05-09 16896] R2 AVM IGD CTRL Service;AVM IGD CTRL Service; I:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920] R2 MDM;Machine Debug Manager; I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NMSAccessU;NMSAccessU; I:\Programme\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] R2 Pml Driver HPZ12;Pml Driver HPZ12; I:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 PnkBstrA;PnkBstrA; I:\WINDOWS\system32\PnkBstrA.exe [2009-07-03 75064] R2 TunngleService;TunngleService; I:\Programme\Tunngle\TnglCtrl.exe [2009-04-24 664824] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; I:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET-Zustandsdienst; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 de_serv;AVM FRITZ!web Routing Service; I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-11-21 315392] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-17 168432] S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; I:\WINDOWS\system32\GameMon.des [2009-02-17 2736890] S3 ose;Office Source Engine; I:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; I:\Programme\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S3 sdCoreService;PC Tools Security Service; I:\Programme\Spyware Doctor\pctsSvc.exe [2008-11-17 1079176] S3 usprserv;User Privilege Service; I:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; I:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 AntiVirService;Avira AntiVir Guard; I:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
04.12.2009, 18:55
| #18 |
| | System Defender und bestimmt noch mehr Hallo,
__________________nochmal mit Avenger wie eben. Diesmal hiermit: Code:
ATTFilter drivers to disable:
XDva289.sys
a1qhn0x0.sys
drivers to delete:
XDva289.sys
a1qhn0x0.sys
__________________ |
|
04.12.2009, 19:06
| #19 |
| | System Defender und bestimmt noch mehr Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at I:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open driver "XDva289.sys" Disablement of driver "XDva289.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "a1qhn0x0.sys" Disablement of driver "a1qhn0x0.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\XDva289.sys" not found! Deletion of driver "XDva289.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\a1qhn0x0.sys" not found! Deletion of driver "a1qhn0x0.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. |
|
04.12.2009, 19:06
| #20 |
| | System Defender und bestimmt noch mehr ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Besonders hartnäckige Malware erkennt eine combofix.exe und würde sich vor ihr gezielt verstecken! Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so: [HTML] Code:
ATTFilter Hier das Logfile rein!
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! |
Linear-Darstellung
